Executive Briefing August 25, 2017

HILL UPDATE

ARTICLE SUMMARY

DATA BREACHES AND hacks of US government networks, once novel and shocking, have become a problematic fact of life over the past few years. So it makes sense that a cybersecurity analysis released today placed the government at 16 out of 18 in a ranking of industries, ahead of only telecommunications and education. Health care, transportation, financial services, retail, and pretty much everything else ranked above it. The report goes beyond the truism of government cybersecurity shortcomings, though, to outline its weakest areas, potentially offering a roadmap to change.

No good deed goes unpunished, Silicon Valley CEOs mutter, as they watch much of the liberal commentariat and policy world turn against the Tech Titans, labeling them monopolists and destroyers of the news and civic culture. We give to the correct candidates, support the correct causes, and even fire the politically incorrect employees. Now our friends have turned on us, writing books and policy manifestos calling for beefed up antitrust and even raising the possibility of the corporate death penalty — the breakup. Meanwhile, conservatives have finally had enough. As natural allies of these entrepreneurial firms, capitalist Republicans spent the past 15 years trying to build bridges to Silicon Valley, without much success. Despite Big Tech’s overwhelming financial support for Democrats, most Republicans admired these most innovative of American firms and resisted the temptation to retaliate. Now, however, conservative patience may finally have run out. They believe the Silicon Valley firms have become explicitly partisan entities — in politics and the culture wars.

A patent-licensing entity that sued the five largest cell phone carriers has seen its biggest victory slip away. Prism won a $30 million verdict against Sprint in 2015, when a jury found that Sprint violated US Patents No. 8,127,345 and 8,387,155, both of which describe methods of “managing access to protected computer resources.” According to the complaint (PDF), filed in 2012, Sprint’s Simply Everything Plan and Everything Data Plan were both methods of “controlling access to Sprint’s protected network resources” and thus infringed the patents. Earlier this month, though, US District Judge Lyle Strom ruled (PDF) that Prism won’t be able to collect on its verdict. Prism used the same patents to take on T-Mobile, which defeated the patents and prevented Prism from collecting the Sprint verdict as well.

The administration’s tech team remains largely vacant. The Office of Science and Technology employs just 40 people, down from roughly 130 under President Obama. The president has yet to nominate a head for the office, or a chief technology officer. Michael Kratsios, former chief of staff to venture investor and Trump backer Peter Thiel, is deputy CTO.

Things changed in 2015 for her and thousands of other H-4 visa holders — spouses of those with H-1B visas — when President Barack Obama created a work permit for those whose spouses are in line to get a green card. By February 2016, Chawla had gotten a job with a startup that let her work remotely from her home in San Jose or nearby coffee shops. But now, experts say this rule is on the chopping block as the Trump administration seeks to curtail immigration in an attempt to protect American jobs.

As a ProPublica report from May 2017 detailed, Cloudflare provided this protective help to The Daily Stormer. The company defended its decision by citing its commitment to remaining neutral on the issue of clients’ content. That all changed after Charlottesville. Cloudflare’s Matthew Prince unilaterally decided to refuse service to the site, citing a clause in the company’s terms of service that allows it to refuse service at its sole discretion—a clause that many major platforms include. However, after calling the people behind The Daily Stormer “assholes,” Prince admitted something crucial in a separate blog post explaining his decision. “In a not-so-distant future, if we’re not there already, it may be that if you’re going to put content on the Internet you’ll need to use a company with a giant network like Cloudflare, Google, Microsoft, Facebook, Amazon, or Alibaba,” he wrote. “Without a clear framework as a guide for content regulation, a small number of companies will largely determine what can and cannot be online.”

Google once had Barack Obama’s ear, served as a revolving door for White House staff and saw its political agenda advance. In Donald Trump’s Washington, some conservatives say it’s gotten so powerful it should be regulated like a public utility. Google is not alone in a fall from grace. Tech companies — including Facebook Inc. and Amazon.com Inc. — that were previously lauded as innovators are facing increased scrutiny over their size, their hiring practices and whether online news feeds skew liberal.

Law360 reported on the ruling last week by U.S. District Judge Juan Sanchez of the Eastern District of Pennsylvania ordering Google to comply with two search warrants and turn over foreign-stored data as part of an U.S. investigation. The piece notes that this ruling “deepen[s] a break with the Second Circuit, which reached the opposite conclusion” in Microsoft’s warrant case.

The Federalist published an opinion piece by Dan King, a freelance journalist and digital rights advocate, who argues that Congress must pass the ECPA Modernization Act because it restores “some vital protections to Americans’ privacy.” King details several areas where the bill improves existing privacy protections, most notably via the requirement for law enforcement to obtain a warrant for archived email data. However, he notes that the bill does not address authorities’ broad powers to access geolocation data and track a cell phone user’s whereabouts, something he sees as a shortfall.

The ABA Journal published an abridged version of the speech Google’s general counsel, Kent Walker, delivered at the Heritage Foundation in June on the need for new legal frameworks governing law enforcement access to data stored abroad. The article highlights the importance of reforming ECPA, and notes Google’s support for ICPA as a “key component” in solving the issue of cross-border requests for data

NOTABLE QUOTES

“Maybe the court is saying that the government can’t plan to seize all devices when some devices are more likely to have evidence on them than others. From that perspective, Griffith may be a bigger deal. Maybe it is pushing back against the established caselaw allowing the overseizure at the physical search stage. If the court is taking that view, I should add, I think it is wrong: I happen to think that overseizure is necessary and that courts should allow it, because you never know where the electronic evidence might be.”

“The founders outlawed general warrants precisely to prevent governments from harassing their political opponents en masse… If the DOJ can unmask over a million internet users simply for visiting a website, without any further alleged connection to criminal activity, then no American is safe to use the internet to access dissident speech. The fear of being unmasked — and be subjected to harassment, or far worse — will chill the speech of millions more.”

“Does this mean that, whenever officers have reason to suspect a person of involvement in a crime, they have probable cause to search his home for cell phones because he might own one and it might contain relevant evidence? That, in essence, is the central issue raised by this case.”

“Because this court agrees with the government that it is the location of the provider and where it will disclose the data that matter in the extraterritoriality analysis, and because Google can retrieve and produce the outstanding data only in the United States, the court agrees with the magistrate judge’s conclusion that fully enforcing the warrants as to the accounts in question constitutes a permissible domestic application of the SCA.”

“But consider the 11th Circuit’s suggestion that “the warrants could have limited the request to messages sent to or from persons suspected at that time of being prostitutes or customers.” How is Facebook supposed to know which messages are from people suspected of being prostitutes or customers? Is the warrant supposed to give Facebook a list of specific suspected prostitutes and customers, such that only messages to and from them (from Facebook accounts known in advance, I gather) can be legally turned over to the government? If so, that seems problematic to me. The point of a warrant is to discover evidence in the place to be searched. I don’t see why relevant evidence involving then-unknown suspects or customers should be off-limits.”

“The government has no interest in records relating to the 1.3 million IP addresses that are mentioned in DreamHost’s numerous press releases and opposition briefs… The government is focused on the criminal acts of defendants and their co-conspirators, and not their political views — and certainly not the lawful activities of peaceful protesters… Similarly, the government is focused on the use of the Website to organize, to plan, and to effect a criminal act — that is, a riot.”

“That any competent prosecutor could think that any web host would somehow not retain such sensitive and personal information, and [it] therefore would not be included in its search warrant, is disingenuous at best.”

“ECPA should also be updated to address what data is available using an ECPA search warrant in a way that serves broader public policy objectives. Law enforcement requests for digital evidence should be based on the location and nationality of users, not the location of data. A key component of this reform is the International Communications Privacy Act, which Google supports. ICPA provides a unique opportunity for Congress to update laws governing digital evidence both for investigations in the U.S. and abroad. While refinements to ICPA may be necessary, we believe the principles upon which ICPA is based are sound.”

“While the ECPA Modernization Act is by no means a cure-all for the erosion of privacy rights in America, it certainly would move the nation in the right direction. Putting a stricter onus on government officials to prove probable cause before vacuuming up your data would be a huge step towards protecting privacy and due process rights in the digital age.”

“In [modifying the original warrant], the government has significantly altered the nature of the warrant it applied for, and therefore the information on which Senior Judge [Ronald] Wertheim based his probable cause determination… The government has provided no authority for the proposition that it can seek to broaden a search warrant without a new probable cause determination and under a new sworn affidavit.”